AVG-197

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 56.0.2924.87-1
Fixed 57.0.2987.98-1
Current 64.0.3282.167-1 [extra]
Ticket None
Created Sat Mar 11 15:30:00 2017
Issue Severity Remote Type Description
CVE-2017-5046 Medium Yes Information disclosure
An information disclosure flaw has been found in the Blink component of the Chromium browser.
CVE-2017-5045 Medium Yes Information disclosure
An information disclosure flaw has been found in the XSS Auditor component of the Chromium browser.
CVE-2017-5044 High Yes Arbitrary code execution
A heap overflow flaw has been found in the Skia component of the Chromium browser.
CVE-2017-5043 High Yes Arbitrary code execution
A use after free flaw has been found in the GuestView component of the Chromium browser.
CVE-2017-5042 Medium Yes Information disclosure
An issue resulting from incorrect handling of cookies has been found in the Cast component of the Chromium browser.
CVE-2017-5041 Medium Yes Content spoofing
An address spoofing flaw has been found in the Omnibox component of the Chromium browser.
CVE-2017-5040 Medium Yes Information disclosure
An information disclosure flaw has been found in the V8 component of the Chromium browser.
CVE-2017-5039 Critical Yes Arbitrary code execution
A use after free flaw has been found in the PDFium component of the Chromium browser.
CVE-2017-5038 High Yes Arbitrary code execution
A use after free flaw has been found in the GuestView component of the Chromium browser.
CVE-2017-5037 Critical Yes Arbitrary code execution
Multiple out of bounds writes have been found in the ChunkDemuxer component of the Chromium browser.
CVE-2017-5036 Critical Yes Arbitrary code execution
A use after free flaw has been found in the PDFium component of the Chromium browser.
CVE-2017-5035 High Yes Content spoofing
An incorrect security ui flaw was found in the Omnibox component of the Chromium browser.
CVE-2017-5034 Critical Yes Arbitrary code execution
A use after free flaw has been found in the PDFium component of the Chromium browser.
CVE-2017-5033 Medium Yes Access restriction bypass
A flaw allowing to bypass the content security policy has been found in the Blink component of the Chromium browser.
CVE-2017-5032 Critical Yes Arbitrary code execution
An out of bounds write flaw has been found in the PDFium component of the Chromium browser.
CVE-2017-5031 Critical Yes Arbitrary code execution
A use-after-free flaw has been found in the ANGLE component of the Chromium browser.
CVE-2017-5030 Critical Yes Arbitrary code execution
A memory corruption flaw was found in the V8 component of the Chromium browser.
CVE-2017-5029 Critical Yes Arbitrary code execution
An integer overflow issue has been found in libxslt, leading to an out of bounds write on 64-bit systems.
Date Advisory Package Description
11 Mar 2017 ASA-201703-4 chromium multiple issues
References
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html